Check Point R54: how the components relate during installation, and the installation method

Posted on 2004-9-17 10:53:46

In This Section

- Installing and Configuring VPN-1/FireWall-1
- Installing the SmartConsole

Install the following components:

- VPN-1/FireWall-1 - install the components (SmartCenter Server, Enforcement module, Log Server) that will manage or enforce the Security Policy.
- SmartConsole - install a SmartConsole to manage different aspects of VPN-1/FireWall-1. For instance, SmartDashboard is used by the system administrator to manage and create the Security Policy. Any number of SmartConsole can be installed on the same machine.

The VPN-1/FireWall-1 installation process unwinds gradually. Without the user realizing it, several features are installed automatically, such as:

- the default filter which protects the machine until a Security Policy is defined, as well as
- the SVN Foundation which is the technological backbone common to all VPN-1/FireWall-1 components

Installing and Configuring VPN-1/FireWall-1

1. Run the Wrapper.
2. Accept the End-Users License Agreement (EULA).
3. Select the type of deployment (whether standalone or distributed) and select the Check Point product VPN-1/FireWall-1.
4. If you chose a standalone deployment, the Enforcement module and the SmartCenter Server are installed together. If you chose a distributed deployment, you must install each separate component on the relevant machine. The SmartCenter Server must always be installed before the Enforcement module. A Log Server can be installed on the same machine as the SmartCenter Server, or it can be installed on another machine.
5. If you are using the Check Point Management High Availability feature, select one of the following:
   - Primary SmartCenter
   - Secondary SmartCenter

   If you are not using the Check Point Management High Availability feature, the SmartCenter Server is by default considered to be the Primary Management.

   If you are using Management High Availability, the next SmartCenter Server defined must be defined as the Secondary Management, which will take over from the Primary Management if the Primary Management fails.
6. Confirm the default directory, or browse to a directory in which you would like to install VPN-1/FireWall-1.
7. Configure the VPN-1/FireWall-1 component using the Check Point Configuration tool. See Check Point Configuration Tool for more information.
8. After the Check Point Configuration tool has completed, the VPN-1/FireWall-1 installation process is complete. You must then reboot the computer.

Check Point Configuration Tool

The Configuration Tool is used to configure the VPN-1/FireWall-1 components. It runs automatically during a new installation or an upgrade of an existing installation. It can be run at a later time to reconfigure already installed products. To start the Check Point Configuration Tool, enter cpconfig at the command prompt, or in Windows, Start > Programs > SmartConsole > Check Point Configuration NG.

The Configuration Tool consists of several pages whose settings must be configured in order to complete the VPN-1/FireWall-1 installation. The windows that are displayed depend on the Check Point component installed, and include:

- Licenses - create a license in the Check Point License Center (User Center: http://www.checkpoint.com/usercenter) and add it to this page. For more information about licenses, see Check Point Licenses.
- Administrators - create an administrator with permission to access the SmartCenter Server using the SmartConsole. The availability of permissions depends on the installed products. For information about administrators, see Administrators and the Login Procedure.
- GUI Clients - configure this window in order to login remotely to a SmartConsole. Add the details of a Remote Host. The Administrator will be allowed to login from the specified machine.
- Key Hit Session - enter random key strokes in order to create a text string which will be used for various cryptographic purposes. Once the bar is full, the session is complete.
- Certificate Authority - to enable secure communication between the SmartCenter Server and its modules, you must initialize and start the Internal Certificate Authority (ICA). The ICA name should be a resolvable name in the format hostname.domain, for example, host.checkpoint.com. It is essential that this name be correct in order for VPN to be able to work.
- Secure Internal Communication - establish trust between the module and the SmartCenter Server. Trust is established through the use of SIC certificates which are issued and delivered by the ICA to the SmartCenter Server and to the modules. Enter an Activation Key in this window and in the Communication window of the module's object in SmartDashboard. The Activation Key must be identical in both places. For more information about SIC, see Securing Channels of Communication Between Internal Components (SIC).
- Fingerprint - The Fingerprint is used the first time you login to a SmartConsole in order to verify the identity of the SmartCenter Server. When you login, you will be asked to compare and contrast the displayed fingerprint with this fingerprint in order to verify the identity of the SmartCenter being accessed using SmartConsole. Export the fingerprint shown in this window, so that you can recall it on login.

Installing the SmartConsole

The SmartConsole can be installed standalone or on a SmartCenter Server. If they are installed standalone, they should be defined as Remote Hosts in Check Point Configuration tool on the SmartCenter Server.

1. Run the Wrapper.
2. Accept the End-Users License Agreement (EULA), if you have a previous installation you must decide whether to override or maintain the existing version.
3. Select the directory in which you would like to save the installation.
4. Select the SmartConsole that you would like to install.
   - SmartDashboard is used by the system administrator to define and manage the Security Policy. From this SmartConsole you can access many Check Point features and add-ons.
   - SmartView Tracker is used for managing and tracking logs and alerts throughout the system.
   - SmartView Status is used for managing, viewing and testing the status of various Check Point components throughout the system.
   - SmartUpdate is used to manage and maintain a license repository, as well as to facilitate upgrading Check Point software.
   - SecureClient Packaging Tool is used to define user profiles for SecuRemote/SecureClient clients.
   - SmartView Monitor is used to monitor and generate reports on traffic on interfaces, VPN-1/FireWall-1 and QoS modules, as well as on other Check Point System counters.
   - SmartView Reporter is used to generate reports for different aspects of network activity.
   - User Monitor is used for managing SecuRemote users.
   - SmartLSM is used for managing large numbers of ROBO Gateways using SmartCenter Server.
5. The installation process runs its course and is completed. You can now start to work with the SmartConsole.

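Posted on 2004-9-18 14:32:51
I've been using it for a day now and I'm starting to feel it isn't especially difficult; it's not much different from the others. I still need to explore the specific features.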

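Posted on 2004-9-18 18:55:54
It seems the crack for 5.4 is very different from the earlier ones; anyone who has a 4.x series version can already crack it. Thanks to the poster above for providing the 4.x crack!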

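Original poster | Posted on 2004-9-18 20:00:23
Did you crack it (5.4) with the 4.1 crack program? Can you tell us about it? Also, I think learning CP requires an overall line of thinking; after all, getting started is the hardest part. Once you find that line of thinking and get started, learning goes quickly. In addition, CP is more of a modular, enterprise-grade application. Leaving the enterprise-grade part aside for now, its distributed, modular character is what most deserves our in-depth study. Heh, just my own opinion.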

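Posted on 2004-9-18 20:48:28
I haven't cracked 5.4; I meant that anyone with a 4.x version can already crack it and use it! I watched the cp5.4 ADVENTE DEMO once through, and it doesn't feel very different from ordinary firewalls. For attacks such as DDoS there seem to be dedicated settings as a separate item, which is a distinctive feature! I don't know whether that is the modular design you mentioned! As for the firewall's concrete rules, the analysis capability feels somewhat greater, and there are quite a few parameters for the control conditions that you can adjust yourself, which is a good design. I spent two hours looking through all the features and parameters, and I feel this firewall isn't that powerful. The features are about the same as Linux! If you want to learn it, being familiar with that will help! This is also my first contact with it; I never managed to install it before. If there were a way to solve the KEY, that would be great, and I would consider using it as an enterprise firewall. Let's discuss the specific issues later! PS, mine can only be used for 15 days, so any questions need to be discussed quickly! Though it seems that adjusting the clock puts it back into a usable state without any errors!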

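Posted on 2004-9-19 07:37:58
You still haven't grasped the essence of CP... The key point is that we don't have that large an environment... CP's modular design philosophy is excellent... and CP's functionality really is very powerful, especially in reports, logs, IDS and many other areas. If you only compare firewall filtering rules, you will conclude that all firewalls are the same. Firewall technology is fairly mature by now... The question now is how to improve speed while ensuring security (which of course cannot be absolute)...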

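Posted on 2004-9-19 08:03:01
CP's IDS and its logging and analysis features really are powerful; for servers that provide services, the protection they give is very good. I don't know much about CP's features yet, but it looks like it is mostly used as an enterprise firewall and doesn't seem to need any other environment. I don't know what the large environment is; I've only just started with it.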

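Posted on 2004-9-19 09:34:35
1.2.1. The Check Point FireWall-1 product includes the following modules:

- Basic modules:
  - Inspection Module: provides access control, client authentication, session authentication, address translation and auditing;
  - FireWall Module: contains an Inspection Module and additionally provides user authentication, content security and multi-firewall synchronization;
  - Management Module: provides centralized, graphical security management for one or more security policy enforcement points (systems on which a FireWall-1 module is installed, such as the Inspection Module, FireWall Module or Router Security Management module);
- Optional modules:
  - Connect Control: provides load balancing across multiple application servers that offer the same service;
  - Router Security Management: allows the security rules of 3Com, Cisco, Bay and other routers to be configured and maintained from the firewall management workstation;
  - Other modules, such as the encryption module.
- Graphical user interface (GUI): the embodiment of the Management Module's functions, including
  - Policy Editor: maintains managed objects, creates security rules, and applies the security rules to the security policy enforcement points;
  - Log Viewer: views connections passing through the firewall, and identifies and blocks attacks;
  - System Status Viewer: views the status of all protected objects.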

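Posted on 2004-9-19 09:35:38

| Category | Comparison item | Check Point FireWall-1 | Cisco PIX firewall |
|---|---|---|---|
| Product | Product type | Check Point FireWall-1 4.0 | Cisco PIX Firewall 520 |
| Product | Medium | Software firewall | Hardware firewall |
| Product | Operating system | Solaris 2.6 | ?? |
| Product | CPU brand/type/frequency | Sun/UltraSPARC-II/300 MHz | Intel/Pentium/233 MHz |
| Product | Hardware platform | Sun Ultra II | 520 |
| Technology | Core technology | Full stateful inspection | ASA (Adaptive Security Algorithm) |
| Technology | State information | Information obtained from seven layers | Information about the packet's source and destination |
| Access control | Network-layer filtering | FTP, HTTP, SMTP | HTTP, SMTP |
| Access control | Authentication methods | RADIUS, TACACS, TACACS+, SecurID, Defender, OS password, S/Key | RADIUS, TACACS+, Secure, AXENT, CRYPTOCard, NDS, NT domain, Unix domain |
| Access control | Protocol authentication | All protocols | FTP, HTTP, telnet |
| Access control | URL filtering | Supported | Supported |
| Access control | Third-party URL filtering support | WebSense, SurfWatch | Finjan, Trend, WorldTalk |
| Access control | Content filtering | Supported | Supported |
| Access control | Third-party virus-scanning product support | Trend Micro, Symantec, eSafe, Data Fellows, Integralis | MIMEsweeper, Trend |
| Access control | Port translation | Supported | Supported |
| Access control | Network address translation | Supported | Supported |
| Management | Remote GUI | Supported | Supported |
| Management | Number of firewalls manageable from the remote GUI | Unlimited | 10 |
| Management | Session encryption between the remote GUI and managed firewalls | Encrypted | Encrypted, w/optional encryption card |
| Management | Remote GUI platform support | Solaris, Windows NT, 95, AIX, HP-UX | Windows NT |
| Management | Event notification via SNMP trap | Supported | Supported |
| Management | Event notification via e-mail | Supported | Supported |
| Management | Event notification via custom script | Supported | Not supported |
| Logging/reporting | Accounting | Supported | Supported |
| Logging/reporting | Log sorting | Supported | Not supported |
| Logging/reporting | Log filtering | Supported | Supported |
| Logging/reporting | Log file format | Text format | System log format |
| Logging/reporting | Log file output format | ASCII | Text |
| VPN | IPSec encryption algorithm support | DES, Triple DES | DES, Triple DES |
| VPN | IPSec authentication algorithm support | MD5, SHA-1, CBC-DES-MAC | MD5, SHA-1 |
| VPN | IKE support | Supported | Supported |
| VPN | Other encryption algorithm support | RC4-40, FWZ-1, DES-40, CAST, CAST-40 | Not supported |
| VPN | Other authentication algorithm support | Not supported | MD5 |
| VPN | CA server product support | Entrust | Netscape (Entrust and VeriSign) |
| Performance (at 100M bandwidth) | Latency (seconds), NAT disabled | 0.0287 | 0.0234 |
| Performance (at 100M bandwidth) | Latency (seconds), NAT enabled | 0.033 | 0.0234 |
| Performance (at 100M bandwidth) | Throughput (Mbps), NAT disabled | 60 | 75 |
| Performance (at 100M bandwidth) | Throughput (Mbps), NAT enabled | 45 | 75 |
| Scalability | | Extending the system only requires adding the corresponding modules | Extending the system requires replacing the device |
| Upgradability | | Software upgrades are convenient and maintenance is simple | Hardware upgrades are relatively complex |
| Interoperability | With routers | Can manage the security rules of 3Com, Cisco and Bay routers | Can interoperate only with Cisco routers |
| Price (public list price) | Price in RMB | 74,000 | Approx. 150,000 |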
